From e1cc0d70a95a2be0113d4721481ccd4168772536 Mon Sep 17 00:00:00 2001
From: biniam
Date: Thu, 6 Sep 2018 10:39:53 -0400
Subject: [PATCH 1/2] fix: reject filter objects in destroyAll method
---
 lib/sql.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/sql.js b/lib/sql.js
index 01eb1609..8903d002 100644
--- a/lib/sql.js
+++ b/lib/sql.js
@@ -780,7 +780,11 @@ SQLConnector.prototype.buildDelete = function(model, where, options) {
 * @param {Function} cb The callback function
 */
 SQLConnector.prototype.destroyAll = function(model, where, options, cb) {
- var stmt = this.buildDelete(model, where, options);
+ try {
+ var stmt = this.buildDelete(model, where, options);
+ } catch (err) {
+ return cb(err);
+ }
 this._executeAlteringQuery(model, stmt.sql, stmt.params, options, cb || NOOP);
 };

@@ -1092,6 +1096,15 @@ SQLConnector.prototype._buildWhere = function(model, where) {
 }
 // The value is not an array, fall back to regular fields
 }
+
+ if (key === 'where') {
+ // business as usual if the model has a property named 'where'
+ if (props[key]) {
+ continue;
+ } else {
+ throw new Error('Filter object detected. Please use a where object instead.');
+ }
+ }
 var p = props[key];
 if (p == null) {
 // Unknown property, ignore it
From a9bf43752f0f0d1743d966eb1649376b76cfc7dc Mon Sep 17 00:00:00 2001
From: biniam
Date: Tue, 11 Sep 2018 15:41:33 -0400
Subject: [PATCH 2/2] fixup! apply feedback
---
 lib/sql.js | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/lib/sql.js b/lib/sql.js
index 8903d002..0b7fc856 100644
--- a/lib/sql.js
+++ b/lib/sql.js
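Review bot: The new catch branch in `destroyAll` calls `cb(err)` directly, but the next line passes `cb || NOOP`, so the callback is evidently optional. A caller that omits it gets a `TypeError` from the catch block instead of the build error, which hides why the delete was refused. Normalise once at the top of the function with `cb = cb || NOOP;`, or rethrow when no callback was supplied (`if (!cb) throw err;`) so the rejection is not silently dropped. The doc comment above the function starts outside the hunk; it would be worth adding a line there saying that a malformed `where` is reported through `cb` rather than thrown.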
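Review bot: In the added `key === 'where'` branch of `_buildWhere`, the `continue` taken when the model really has a property named `where` skips the rest of the iteration. That property's condition is therefore never added to the clause, contrary to the "business as usual" comment. On a delete this widens the set of matched rows, which is the failure mode the patch is meant to close. Removing the `continue` so control falls through to `var p = props[key];` keeps the condition. PATCH 2/2 in this series deletes the branch, so this only matters if 1/2 is applied on its own; the enclosing loop starts and ends outside the hunk.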
@@ -1097,19 +1097,11 @@ SQLConnector.prototype._buildWhere = function(model, where) {
 // The value is not an array, fall back to regular fields
 }

- if (key === 'where') {
- // business as usual if the model has a property named 'where'
- if (props[key]) {
- continue;
- } else {
- throw new Error('Filter object detected. Please use a where object instead.');
- }
- }
 var p = props[key];
 if (p == null) {
- // Unknown property, ignore it
- debug('Unknown property %s is skipped for model %s', key, model);
- continue;
+ throw new Error(
+ `Unknown property ${key} used in a "where" condition for model ${model}`
+ );
 }
 // eslint-disable one-var
 var expression = where[key];
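Review bot: The new `throw` in `_buildWhere` is synchronous, and in this series only `destroyAll` is shown wrapping the build in try/catch (PATCH 1/2). Any other connector method that builds a where clause, none of which are visible here, would now throw into its caller instead of invoking its callback, so those paths need the same handling before this lands. Rejecting unknown keys is the right direction, since a silently skipped key yields a broader WHERE than the caller intended. The error is a bare `Error` whose message interpolates the caller-supplied `key`; if a layer above maps connector errors to responses, tag it as a client error (for example `err.statusCode = 400`, assuming that convention is honoured upstream) so a malformed filter is not reported as a server fault. `_buildWhere` starts and ends outside the hunk.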